Patents by Inventor Bryan James Donlan

Bryan James Donlan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11573925
    Abstract: Techniques described and suggested herein include distributed deletion request processing and verification. For example, incident to migration of original data from a first data store to a second data store, verifications and confirmations related to removing the original data from the first data store may be performed so as to ensure the integrity of the original data represented on the second data store prior to removing the actual original data on the first data store. In some embodiments, the verifications and confirmations performed in connection with a deletion request may be apportioned to multiple entities, each of which may not fully trust the others. As a result, in some embodiments, a given deletion request may only be fulfilled if all of the entities involved in the verification process individually provide authorization to execute the deletion request.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: February 7, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Ryan Charles Schmitt, Claire Elizabeth Suver, Mark Christopher Seigle, Bryan James Donlan
  • Publication number: 20220417036
    Abstract: Systems and methods are described for rotating keys in a trust store to be used by a group of peer devices for secure communications between the peers in the group. In some examples, a service, such as an identity authority service, may make a determination that a set of peers that individually trust at least one public key from a group of public keys satisfies a set of conditions. As a result of the determination, the service may update the plurality of public keys by at least removing at least one public key from the group of public keys and indicate the updated plurality of public keys to at least one of the peers in the group. The service may remove the at least one public key from the group upon determining that less than a threshold number of peers in the group use the at least one public key.
    Type: Application
    Filed: June 29, 2021
    Publication date: December 29, 2022
    Inventors: Bryan James Donlan, Petr Praus, Douglas Stewart Laurence, Andrew C. Schleit, Daniel Leon Gregory Gardner, Zaher Dannawi
  • Patent number: 11356445
    Abstract: A switching device is implemented in a network-attachable data transfer device to provide data storage access to other such devices. In some embodiments, network-attachable data transfer devices are arranged in a clustered configuration to provide various computational and storage services. When one or more devices of the cluster fails, various implementations associated with the switching device, via an external data interface, provide operational mitigation, optimized data recovery, and efficient reinstatement of normal operation of the cluster.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: June 7, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Paul David Franklin
  • Patent number: 11356254
    Abstract: Techniques for encrypting data using a randomly selected data block from a set of data are described herein. An index indicates a subset of data within a data object. The data block is selected based at least in part on the index, an input to a cryptographic operation is generated from the data block, and the input to the cryptographic operation is provided to the cryptographic operation.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: June 7, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Colin Laird Lazier, Bryan James Donlan
  • Patent number: 11240023
    Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and cryptographic keys. A cryptographic structure is utilized to maintain cryptographic keys with associated expiration times such that after an expiration time associated with a cryptographic key has passed, the cryptographic key is no longer accessible.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: February 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Gregory Alan Rubin
  • Patent number: 11082217
    Abstract: Techniques described herein enhance the durability of cryptographically protected communications sessions. The negotiation of a cryptographically protected communications session results in the negotiation of a primary secret and a secondary secret. The primary secret and secondary secret are stored in separate locations, such as in two locations in RAM, one of which being used as a RAM disk. The primary secret is used to cryptographically protect the communications session. Following the detection of a change of state event, the cryptographically protected communications session switches to the secondary secret in place of the primary secret to cryptographically protect the communications session.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 3, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Douglas Stewart Laurence
  • Publication number: 20200364184
    Abstract: Techniques described and suggested herein include distributed deletion request processing and verification. For example, incident to migration of original data from a first data store to a second data store, verifications and confirmations related to removing the original data from the first data store may be performed so as to ensure the integrity of the original data represented on the second data store prior to removing the actual original data on the first data store. In some embodiments, the verifications and confirmations performed in connection with a deletion request may be apportioned to multiple entities, each of which may not fully trust the others. As a result, in some embodiments, a given deletion request may only be fulfilled if all of the entities involved in the verification process individually provide authorization to execute the deletion request.
    Type: Application
    Filed: August 3, 2020
    Publication date: November 19, 2020
    Inventors: Ryan Charles Schmitt, Claire Elizabeth Suver, Mark Christopher Seigle, Bryan James Donlan
  • Patent number: 10813252
    Abstract: A data center may include a tape library rack module along with rack computer systems. The rack computer systems may be configured to provide computing capacity within a data center environment. In some embodiments, the tape library rack module may include an enclosure encompassing an interior of the tape library rack module, a rack within the interior, and a tape library unit mounted on the rack. The tape library rack unit may include tape cartridges configured to store data within a tape environment that is different than the data center environment. The tape library rack unit may be within a portion of the interior that is enclosed such that it is environmentally isolated from the data center environment. In some examples, the tape library rack module may include a cooling unit and/or a humidifier unit, which may provide the tape environment to the environmentally isolated portion of the interior of the tape library rack module.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: October 20, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Darin Lee Frink, Kevin Bailey, Peter George Ross, Bryan James Donlan, James Caleb Kirschner, Mary Crys Calansingin, Paul David Franklin, Masataka Kubo
  • Patent number: 10776203
    Abstract: A data storage service stores a dataset on a set of storage nodes in accordance with a first encoding. A set of shards constituting quorum, and one or more additional shards, are stored on the storage nodes. The data storage system determines to store the dataset according to a second encoding, in which the second encoding has fewer total shards. The data storage system reconfigures the storage of the dataset in accordance with the second encoding, such that the reconfigured storage comprises subsets of shards from the first encoding that were not re-encoded in forming the second encoding.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: September 15, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Seth William Markle, Bryan James Donlan, Paul David Franklin, Colin Laird Lazier
  • Patent number: 10733145
    Abstract: Techniques described and suggested herein include distributed deletion request processing and verification. For example, incident to migration of original data from a first data store to a second data store, verifications and confirmations related to removing the original data from the first data store may be performed so as to ensure the integrity of the original data represented on the second data store prior to removing the actual original data on the first data store. In some embodiments, the verifications and confirmations performed in connection with a deletion request may be apportioned to multiple entities, each of which may not fully trust the others. As a result, in some embodiments, a given deletion request may only be fulfilled if all of the entities involved in the verification process individually provide authorization to execute the deletion request.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: August 4, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Ryan Charles Schmitt, Claire Elizabeth Suver, Mark Christopher Seigle, Bryan James Donlan
  • Patent number: 10685037
    Abstract: Cohorts may be created on storage nodes in an object-redundant storage system that uses replication and/or a redundant encoding technique. In a cohort with N nodes, M data elements (replicas or shards) of an object are stored to M of the nodes that are randomly (or otherwise) selected from the N nodes. Metadata for locating other data elements for an object in the cohort may be stored with one or more of the data elements in the cohort. To retrieve an object from a cohort, a subset of the nodes may be queried; the subset may be randomly or otherwise selected. If enough data elements are retrieved for the object from the queried nodes, the object is provided to the requester. Otherwise, additional data elements may be retrieved according to the metadata returned with a data element or by querying additional nodes.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: June 16, 2020
    Assignee: Amazon Technology, Inc.
    Inventors: Paul David Franklin, Bryan James Donlan
  • Patent number: 10621055
    Abstract: A switching device is implemented in a network-attachable data transfer device to provide data storage access to other such devices. In some embodiments, network-attachable data transfer devices are arranged in a clustered configuration to provide various computational and storage services. When one or more devices of the cluster fails, various implementations associated with the switching device, via an external data interface, provide operational mitigation, optimized data recovery, and efficient reinstatement of normal operation of the cluster.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: April 14, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Paul David Franklin, Colin Laird Lazier, Frank Charles Paterra
  • Patent number: 10620830
    Abstract: Cohorts may be created on storage nodes in an object-redundant storage system that uses replication and/or a redundant encoding technique. In a cohort with N nodes, M data elements (replicas or shards) of an object are stored to M of the nodes that are selected from the N nodes. Metadata for locating other data elements for an object in the cohort may be stored with one or more of the data elements in the cohort. To reconcile the nodes, common object lists are generated on each node for at least one other node from the metadata, hashes of the lists may be exchanged among the nodes, and the hashes are compared. If the hashes for two nodes differ, specific differences are determined, and a reconciliation process performs reconciliation based on the determined differences.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: April 14, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Bryan James Donlan
  • Patent number: 10608813
    Abstract: Techniques for encrypting long-term data using layered encryption based on difficult to obtain secrets are described herein. The set of data to encrypt is designated as the source data for the first iteration. Then, for each iteration, a derived set of data is generated from a set of random data and the source data is combined with the derived set of data to produce a set of encrypted data. The set of encrypted data is then designated as the source data for the next iteration.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: March 31, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Colin Laird Lazier, Bryan James Donlan
  • Patent number: 10592336
    Abstract: A multilayered index is implemented for data stored in a data storage system. The multilayered index may include a granular index that specifies the location of specific files or abstractions within the data storage system, while a skip table specifies segments of the abstractions, and may point to both the granular index and the data storage devices of the data storage system. In redundancy coded systems, the use of multilayered indices may enable asynchronous retrieval of data during normal or adverse operation (such as during periods of varying data availability).
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Paul David Franklin, James Caleb Kirschner
  • Patent number: 10592344
    Abstract: Erasure encoded fragments are generated by an erasure encoding scheme, represented by an erasure encoding matrix, operating on a data file. A new erasure encoded fragment may be generated from previously-generated erasure encoded fragments without reconstructing the original data file. Available and valid erasure encoded fragments are identified and a set of those fragments is selected. A composite encoding matrix is generated based upon the selected fragments and the fragment specified to be generated. The composite matrix is applied to the selected fragments to produce a plurality of partial sums. The partial sums are then combined to generate the specified fragment. The partial sums may be produced by different devices so as to distribute the computational workload and/or to reduce network traffic. The integrity of a generated fragment may be verified by generating the specified fragment twice, using two different sets of fragments, and then comparing the two results.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Matteo Frigo, Colin Laird Lazier
  • Patent number: 10534669
    Abstract: A data storage service stores a dataset on a set of storage nodes in accordance with a first encoding. A set of shards constituting quorum, and one or more additional shards, are stored on the storage nodes. The data storage system determines to store the dataset according to a second encoding, in which the second encoding has a greater number of shards. The data storage system reconfigures the storage of the dataset in accordance with the second encoding, such that the reconfigured storage forms additional shards for the second encoding by combining portions of shards of the first encoding.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: January 14, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Seth William Markle, Bryan James Donlan, Paul David Franklin, Colin Laird Lazier
  • Patent number: 10530752
    Abstract: A switching device is implemented in a network-attachable data transfer device to provide data storage access to other such devices. In some embodiments, network-attachable data transfer devices are arranged in a clustered configuration to provide various computational and storage services. When one or more devices of the cluster fails, various implementations associated with the switching device, via an external data interface, provide operational mitigation, optimized data recovery, and efficient reinstatement of normal operation of the cluster.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: January 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Paul David Franklin
  • Patent number: 10476663
    Abstract: Techniques for encrypting short-term data using layered encryption based on difficult to obtain secrets are described herein. Data that will be encrypted is designated as the source data for a first iteration of a layered encryption. An index indicates a data block within a large set of random data. The data block is encrypted and the encrypted data block is combined with the source data for the iteration to produce a set of cryptographic data for the current iteration. The set of cryptographic data is used to generate cryptographic key data that is used to encrypt the index and the encrypted index is stored. The set of cryptographic data is then used as the source data for the next iteration.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: November 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Colin Laird Lazier, Bryan James Donlan
  • Patent number: 10417190
    Abstract: A system and method for obtaining a request to perform a data operation with a volume, wherein the volume is a logical storage space in which data objects may be stored, determining a plurality of zones for performing the data operation with the volume, wherein each zone of the plurality of zones comprises a series of sectors of a computer-readable storage medium that forms an append-only section of the computer-readable storage medium, and performing the data operation with the volume on the plurality of zones.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: September 17, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan James Donlan, Claire Elizabeth Suver